What is an SSL certificate and do I need one?
If you read my recent post about the difference between a hosted and self-hosted website, you’ll know that when you own a self-hosted site, you’re responsible for its security. That’s where SSL certification comes in.
What is SSL?
Data travelling from one computer or server to another is encrypted using a protocol called SSL or Secure Sockets Layer (also known as TLS or Transport Layer Security). A website that’s been secured using this protocol will have a URL that begins with HTTPS, which is a secure version of the standard HTTP protocol.
In your online wanderings, you may have noticed a little green padlock next to the address bar in your browser. If you take a closer look, you’ll see that sites with a padlock start with HTTPS.
Do you need an SSL certificate? Yes, yes you do.
If you own a website, you’ll want to ensure that you have that little green padlock and the S in your URL for a number of reasons:
- As internet security is becoming a bigger concern, web browsers such as Chrome, Firefox and Safari are drawing users’ attention to websites’ level of security by showing a padlock on secure sites and warnings on insecure ones. As a result, web users are becoming more educated about security issues and less willing to interact on websites that are not secure. If you want your visitors to trust your website, you need an SSL certificate.
- If you accept credit card information for online payments, you are more than likely obliged to ensure the data on your website is encrypted.
- Google gives a slight boost in ranking to websites that use SSL encryption. It’s a way of pushing website owners to secure the data on their sites and thereby protect web users.
So how do you get that little green padlock?
In order for a website to be running HTTP over the SSL encryption protocol, it needs to have an SSL certificate assigned to it. There are three types of SSL certificates:
A domain validated certificate certifies that your domain is replying on the specified domain name. These are the most common certificates and can often be acquired easily and inexpensively (i.e. for free).
An organization validated certificate indicates who owns the website associated with it. It’s a higher level of validation, requires a bit of paperwork to set up and comes at a price. But savvy web users who take the time to look up a site’s certificate will be able to find out who owns the certificate on that site.
An extended validation certificate is an even higher level of validation. It takes a bit more paperwork and costs more, but a site with an extended validation certificate will display the name of the certificate owner right in the browser. This gives the user a great deal of reassurance about who they’re sharing their data with.
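As an added illustration (not part of the original post), this Python example reads the subject fields of a certificate, in the format returned by the standard library's `ssl.SSLSocket.getpeercert()`, and reports which of the three validation levels it looks like and who the named owner is. The `classify` helper and the sample certificates are constructed for this example, and the check is a heuristic: the authoritative marker is the certificate's policy identifier, which `getpeercert()` does not expose.

```python
import socket
import ssl

# Subject attributes that a CA only includes after extended vetting.
# Names follow the dict returned by ssl.SSLSocket.getpeercert().
EV_ONLY = {"businessCategory", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def classify(cert):
    """Return (level, owner) where level is 'DV', 'OV' or 'EV'.

    Heuristic based on subject fields only (see the note above the code).
    """
    fields = subject_fields(cert)
    owner = fields.get("organizationName")
    if owner is None:
        return "DV", None  # domain control only, no owner identity
    if fields.keys() & EV_ONLY:
        return "EV", owner
    return "OV", owner


def fetch_cert(host, port=443, timeout=5):
    """Fetch and validate a live site's certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in getpeercert() format (not real sites).
SAMPLES = {
    "dv": {"subject": ((("commonName", "blog.example"),),)},
    "ov": {"subject": ((("countryName", "CA"),),
                       (("organizationName", "Example Widgets Ltd"),),
                       (("commonName", "shop.example"),))},
    "ev": {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "CA"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank Inc"),),
                       (("commonName", "bank.example"),))},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, classify(cert))
```

To check a real site, pass the result of `fetch_cert("your-domain")` to `classify`; the connection fails with an `ssl.SSLCertVerificationError` if the certificate is not trusted or does not match the host name.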
How do you know which type of certificate you need?
All types of SSL certificates function in the same way to secure your website; they all encrypt the data moving between servers. The difference is the level of validation, which affects the level of trust a certificate inspires in visitors to a website, and the warranty it provides.
You can get a free domain validated certificate through a company called Let’s Encrypt, and that’s often enough for a basic website. But if you plan to accept credit card payments you’ll want to get a higher-level, paid certificate. Certificates can be purchased through certificate authorities, and many web hosting companies offer certification packages. You can check with your own host to see if they facilitate setting up a free domain validated certificate through Let’s Encrypt.
I’ve created a short video tutorial to show you how I install a free Let’s Encrypt SSL certificate on an existing website. If your website is fairly simple, you may be able to do this yourself. But if it seems overwhelming, reach out to your web developer or host for help.